CVE-2018-1093 (retired)

The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linuxkernel through 4.15.15 allows attackers to cause a denial of service(out-of-bounds read and system crash) via a crafted ext4 image becauseballoc.c and ialloc.c do not validate bitmap block numbers.

Ubuntu-Description

Wen Xu discovered that the ext4 filesystem implementation in the Linuxkernel did not properly handle corrupted meta data in some situations. Anattacker could use this to specially craft an ext4 filesystem that caused adenial of service (system crash) when mounted.